Recently I came across a few projects that had many Dependabot PRs open against them.
Best practice would be to check that after a version update, software behaves the same and there is no regression, but this means that after merging in each version bump, we need to:
In an example where we have 5 packages that need updates, it would take 5 times as long as merging a single one. What if we could merge all 5 at the same time?
git branch -r | grep 'origin/dependabot/' | while read -r branch ; do git cherry-pick "$(git rev-parse "$branch")" ; done
This shell script searches the remote-tracking branches under origin for Dependabot pull requests, and cherry-picks the tip commit of each one into your current branch.
This is a 500% increase! (in our example)
I put the gist here
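The one-liner above selects branches by name alone, so anything pushed under origin/dependabot/ gets picked. The following added example (not the author's gist) applies the same batching but only picks a tip commit when every file it changes is a dependency manifest or lock file, and stops at the first failed cherry-pick. The function names, the "pick" argument and the file allow-list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the author's gist. Assumed: remote "origin" and the
# illustrative allow-list of manifest/lock file names below.

# Succeeds only if stdin lists at least one path and every path is allow-listed.
only_manifests() {
  seen=0
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    seen=1
    case "${path##*/}" in
      package.json|package-lock.json|yarn.lock|Gemfile|Gemfile.lock) ;;
      go.mod|go.sum|Cargo.toml|Cargo.lock|pom.xml|requirements*.txt) ;;
      *) return 1 ;;
    esac
  done
  [ "$seen" -eq 1 ]
}

# Cherry-pick the tip commit of each origin/dependabot/* branch that passes the check.
pick_dependabot_branches() {
  git for-each-ref --format='%(refname:short)' refs/remotes/origin/dependabot |
  (
    while IFS= read -r branch; do
      commit=$(git rev-parse --verify "$branch^{commit}") || exit 1
      # List the files the tip commit changes and vet them before picking.
      if git diff-tree --no-commit-id --name-only -r "$commit" | only_manifests; then
        # </dev/null keeps git from consuming the branch list on stdin.
        git cherry-pick "$commit" </dev/null || {
          echo "cherry-pick of $branch failed; resolve it before continuing" >&2
          exit 1
        }
      else
        echo "skipped $branch: changes files outside the allow-list" >&2
      fi
    done
  )
}

# Run as: sh this-script.sh pick
if [ "${1:-}" = "pick" ]; then pick_dependabot_branches; fi
```

Skipped branches are reported on stderr so they can be reviewed by hand instead of being merged with the batch.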